Chapter 14 - NAT
12
© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-1 Address Space Management Scaling the Network with NAT and PAT
Transcript of Chapter 14 - NAT
8/10/2019 Chapter 14 - NAT
http://slidepdf.com/reader/full/chapter-14-nat 1/12
© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-1
Address Space Management
Scaling the Networkwith NAT and PAT
8/10/2019 Chapter 14 - NAT
http://slidepdf.com/reader/full/chapter-14-nat 2/12
© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-2
Translating Inside Source Addresses
8/10/2019 Chapter 14 - NAT
http://slidepdf.com/reader/full/chapter-14-nat 3/12
© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-3
Port Address Translation
8/10/2019 Chapter 14 - NAT
http://slidepdf.com/reader/full/chapter-14-nat 4/12
© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-4
Establishes static translation between an inside local address and aninside global address
RouterX(config)# ip nat inside source static local-ip global-ip
Marks the interface as connected to the inside
RouterX(config-if)# ip nat inside
Marks the interface as connected to the outside
RouterX(config-if)# ip nat outside
Displays active translations
RouterX# show ip nat translations
Configuring and Verifying StaticTranslation
8/10/2019 Chapter 14 - NAT
http://slidepdf.com/reader/full/chapter-14-nat 5/12
© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-5
Enabling Static NATAddress Mapping Example
RouterX# show ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 192.168.1.2 10.1.1.2 --- ---
interface s0ip address 192.168.1.1 255.255.255.0ip nat outside!interface e0ip address 10.1.1.1 255.255.255.0ip nat inside
!ip nat inside source static 10.1.1.2 192.168.1.2
8/10/2019 Chapter 14 - NAT
http://slidepdf.com/reader/full/chapter-14-nat 6/12
© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-6
Establishes dynamic source translation, specifying the ACL that wasdefined in the previous step
RouterX(config)# ip nat inside source list
access-list-number pool name
Defines a pool of global addresses to be allocated as needed
RouterX(config)# ip nat pool name start-ip end-ip
{netmask netmask | prefix-length prefix-length}
Defines a standard IP ACL permitting those inside local addressesthat are to be translated
RouterX(config)# access-list access-list-number permit
source [source-wildcard ]
Displays active translations
RouterX# show ip nat translations
Configuring and Verifying DynamicTranslation
8/10/2019 Chapter 14 - NAT
http://slidepdf.com/reader/full/chapter-14-nat 7/12© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-7
Dynamic Address Translation Example
RouterX# show ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 171.69.233.209 192.168.1.100 --- ---
--- 171.69.233.210 192.168.1.101 --- ---
8/10/2019 Chapter 14 - NAT
http://slidepdf.com/reader/full/chapter-14-nat 8/12© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-8
Overloading an Inside Global Address
8/10/2019 Chapter 14 - NAT
http://slidepdf.com/reader/full/chapter-14-nat 9/12© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-9
Configuring Overloading
Establishes dynamic source translation, specifying the ACL that wasdefined in the previous step
RouterX(config)# ip nat inside source list
access-list-number interface interface overload
Defines a standard IP ACL that will permit the inside local addressesthat are to be translated
RouterX(config)# access-list access-list-number permit
source source-wildcard
Displays active translations
RouterX# show ip nat translations
8/10/2019 Chapter 14 - NAT
http://slidepdf.com/reader/full/chapter-14-nat 10/12© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-10
Overloading an Inside Global AddressExample
RouterX# show ip nat translations Pro Inside global Inside local Outside local Outside globalTCP 172.17.38.1:1050 192.168.3.7:1050 10.1.1.1:23 10.1.1.1:23
TCP 172.17.38.1:1776 192.168.4.12:1776 10.2.2.2:25 10.2.2.2:25
hostname RouterX!interface Ethernet0ip address 192.168.3.1 255.255.255.0
ip nat inside!interface Ethernet1ip address 192.168.4.1 255.255.255.0ip nat inside!interface Serial0description To ISPip address 172.17.38.1 255.255.255.0ip nat outside!ip nat inside source list 1 interface Serial0 overload!ip route 0.0.0.0 0.0.0.0 Serial0!access-list 1 permit 192.168.3.0 0.0.0.255access-list 1 permit 192.168.4.0 0.0.0.255!
8/10/2019 Chapter 14 - NAT
http://slidepdf.com/reader/full/chapter-14-nat 11/12© 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0—7-11
Clears a simple dynamic translation entry that contains an insidetranslation or both an inside and outside translation
RouterX# clear ip nat translation inside global-ip
local-ip [outside local-ip global-ip ]
Clears all dynamic address translation entries
RouterX# clear ip nat translation *
Clears a simple dynamic translation entry that contains an outside
translation
RouterX# clear ip nat translation outside
local-ip global-ip
Clears an extended dynamic translation entry (PAT entry)
RouterX# clear ip nat translation protocol inside global-ip
global-port local-ip local-port [outside local-ip
local-port global-ip global-port]
Clearing the NAT Translation Table
8/10/2019 Chapter 14 - NAT
http://slidepdf.com/reader/full/chapter-14-nat 12/12© 2007 Cisco Systems Inc All rights reserved ICND2 v1 0 7 12
RouterX# show ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)Outside interfaces:
Ethernet0, Serial2
Inside interfaces:
Ethernet1
Hits: 5 Misses: 0
…
Displaying Information with show anddebug Commands
RouterX# debug ip nat
NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825]
NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852]
NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828] NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23312]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313]
